author | Ben Banfield-Zanin <benbz@matrix.org> | 2021-03-01 10:06:09 +0000 |
---|---|---|
committer | Ben Banfield-Zanin <benbz@matrix.org> | 2021-03-01 10:06:09 +0000 |
commit | b26bee9faf957643cd34c4146b250b0009be205d (patch) | |
tree | a7a7e29f30acb437d010bdf6116c0f2729f21a1b /UPGRADE.rst | |
parent | Merge remote-tracking branch 'origin/release-v1.26.0' into toml/keycloak_hints (diff) | |
parent | Fixup changelog (diff) | |
download | synapse-toml/keycloak_hints.tar.xz |
Merge remote-tracking branch 'origin/release-v1.28.0' into toml/keycloak_hints
Diffstat (limited to 'UPGRADE.rst')
-rw-r--r-- | UPGRADE.rst | 55 |
1 files changed, 54 insertions, 1 deletions
diff --git a/UPGRADE.rst b/UPGRADE.rst index d09dbd4e21..6f628a6947 100644 --- a/UPGRADE.rst +++ b/UPGRADE.rst 
@@ -85,6 +85,59 @@ for example: wget https://packages.matrix.org/debian/pool/main/m/matrix-synapse-py3/matrix-synapse-py3_1.3.0+stretch1_amd64.deb dpkg -i matrix-synapse-py3_1.3.0+stretch1_amd64.deb +Upgrading to v1.27.0 +==================== + +Changes to callback URI for OAuth2 / OpenID Connect and SAML2 +------------------------------------------------------------- + +This version changes the URI used for callbacks from OAuth2 and SAML2 identity providers: + +* If your server is configured for single sign-on via an OpenID Connect or OAuth2 identity + provider, you will need to add ``[synapse public baseurl]/_synapse/client/oidc/callback`` + to the list of permitted "redirect URIs" at the identity provider. + + See `docs/openid.md <docs/openid.md>`_ for more information on setting up OpenID + Connect. + +* If your server is configured for single sign-on via a SAML2 identity provider, you will + need to add ``[synapse public baseurl]/_synapse/client/saml2/authn_response`` as a permitted + "ACS location" (also known as "allowed callback URLs") at the identity provider. + +Changes to HTML templates +------------------------- + +The HTML templates for SSO and email notifications now have `Jinja2's autoescape <https://jinja.palletsprojects.com/en/2.11.x/api/#autoescaping>`_ +enabled for files ending in ``.html``, ``.htm``, and ``.xml``. If you have customised +these templates and see issues when viewing them you might need to update them. +It is expected that most configurations will need no changes. + +If you have customised the templates *names* for these templates, it is recommended +to verify they end in ``.html`` to ensure autoescape is enabled. 
+ +The above applies to the following templates: + +* ``add_threepid.html`` +* ``add_threepid_failure.html`` +* ``add_threepid_success.html`` +* ``notice_expiry.html`` +* ``notice_expiry.html`` +* ``notif_mail.html`` (which, by default, includes ``room.html`` and ``notif.html``) +* ``password_reset.html`` +* ``password_reset_confirmation.html`` +* ``password_reset_failure.html`` +* ``password_reset_success.html`` +* ``registration.html`` +* ``registration_failure.html`` +* ``registration_success.html`` +* ``sso_account_deactivated.html`` +* ``sso_auth_bad_user.html`` +* ``sso_auth_confirm.html`` +* ``sso_auth_success.html`` +* ``sso_error.html`` +* ``sso_login_idp_picker.html`` +* ``sso_redirect_confirm.html`` + Upgrading to v1.26.0 ==================== @@ -198,7 +251,7 @@ shown below: return {"localpart": localpart} -Removal historical Synapse Admin API +Removal historical Synapse Admin API ------------------------------------ Historically, the Synapse Admin API has been accessible under: |
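Review bot: In the template list under "Changes to HTML templates" in the first hunk, ``notice_expiry.html`` is listed twice on consecutive lines; drop the duplicate, or if the second entry was meant to be a different template, name it. In the same section, "customised the templates *names*" should read "template *names*". The advice to verify that custom names end in ``.html`` is also narrower than the sentence above it, which says autoescape is enabled for ``.html``, ``.htm`` and ``.xml``. Since a custom template name outside those suffixes is the case where escaping would silently not apply, state the full set of accepted suffixes there so operators check against the same list.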
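Review bot: The heading touched by the last hunk still reads "Removal historical Synapse Admin API", which is missing "of"; the removed and added lines look identical here, so the change appears to be whitespace-only. If the line is being edited anyway, make it "Removal of historical Synapse Admin API" and extend the dash underline on the following line to the new title length so the reStructuredText section still renders without a "title underline too short" warning.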